Method for the authorization of transactions




Technical field of the invention 

The present invention relates to a method according to the preamble of claim 1.
Devices and software units embodying the invention are also described. 



Background 

Digital signatures are commonly used in security and electronic commerce protocols to provide for an authentication of involved entities and transaction authorization. For efficiency and security reasons, digital signatures are normally applied to a hash of data to be signed instead of the data itself. A hash is a unique result which is created by a function from input data and which has a fixed size regardless of the amount of input data. Preferably, minimum changes in the input data cause maximum changes in the hash and the probability of possible results is preferably equal for an arbitrary input.

An authorization is often necessary for proxy based services used by wireless user equipment, e.g. a WAP (Wireless Application Protocol) phone. An example of such a service is a secure credit card payment using the Secure Electronic Transaction protocol. In the state of the art, the authorization can be performed using the signText() function defined in the WML (Wireless Markup Language) Script Crypto Library (Wireless Application Forum, Ltd, 1999). The function requests that a user digitally signs a text string. The string is displayed to the user who can choose either to approve the content or disapprove it. The latter alternative generally cancels the execution of the function. If the user approves the content, the string is signed and returned to the entity requesting the authorization, e.g. a program executed on a user equipment in a communication system. The signText() function is targeted at data that can be displayed to a user as the specification requires that the user equipment must display the string for which the authorization is requested. This procedure has the advantage that the user is able to check the content which is signed.

However, it is often necessary to transmit large amounts of data to the user equipment, which is especially disadvantageous for wireless connections with a low data transfer rate. Furthermore, it is sometimes impossible to display any or a meaningful text to the user which enables him to perform a conscious authorization. Often, proxy-based mobile applications are used for providing interoperability between WAP devices and customary Internet services and protocols. For proxy-based applications the largest share of a transaction processing load is performed by a fixed network node and the engagement of the mobile terminal is minimized to the most critical functionality, especially digital signature operations. In this case, typically a need for signing a binary value arises when a signature request is sent by the fixed network node to the user. A binary content of the string in an authorization request has an obvious lack of meaning for the user or can even be unsuitable for display on a WAP terminal.
Summary and description of the invention

It is an object of the present invention to obviate the above disadvantages and provide an authorization method which allows a conscious signature of binary data by a user. It is a further object to provide a method which offers the opportunity to reduce the amount of data required for a conscious authorization.

According to the invention, the method described in claim 1 is performed. Furthermore, the invention is embodied in devices and program units as described in claims 14, 17 and 25. Advantageous embodiments are described in the dependent claims.

In the proposed method, user equipment receives an authorization request with an identifier of a transaction and replies to the request with an authorization response. The authorization request corresponds to a content which is to be authorized, e.g. a transaction. A preferable identifier is determined in a unique way by the content and can be calculated from it. Generally, the identifier is a binary data value which is incomprehensible to a user. Therefore, an indication for the authorization request is determined by the sender of the request or by the user equipment, i.e. before the request is sent or after it is received. In a simple embodiment of the method, the indication can be a message that a confirmation of received data is requested, i.e. the same indication can be used for all requests, optionally amended by the identity of the sender. The indication is displayed by the user equipment, e.g. on the screen of a mobile phone. Alternatively or in addition, an output of the indication is possible in a different way, for example by an acoustical or vibratory signal to emphasize the indication or to allow authorizations by blind users.

The user performs an input into the user equipment to approve or disapprove the authorization request, for example by using a keypad of the device or by oral input if the user equipment comprises a speech processing unit. In case of an approving input of the user, a signature of the identifier is performed by a signing function, generally using a corresponding digital key of the user. An authorization response according to the approval or disapproval is sent from the user equipment to the sender of the authorization request. An approving response comprises the signed identifier to ensure both that the signature was performed by the user equipment and that the authorization response corresponds to the content for which the authorization request was sent.

The proposed method has the advantage that the user signs only requests with a comprehensible content. The amount of data transferred to the user equipment can be reduced because the displayed text generally differs from the content for approval. Preferably, the identifier has a fixed length to simplify the handling of the authorization request and response. The security of the method is ensured by the signature of the sender of the authorization response, even if a connection to the receiver of the response is not classified as safe. Signing a random binary value also provides the possibility of authentication and guarding against replay attacks in which a signature is intercepted by a third party and appended to a further message. A corresponding signing functionality is preferably an integral part of any cryptography application program interface and is provided by the proposed method.

In a preferable embodiment of the invention, the identifier is a hash value of the content which is to be authorized. In this way, the identifier has an advantageous fixed length. A hash value is especially sensitive to small changes in the content so that typical variations with a fraudulent purpose like changing a single or few figures in a contract can be excluded. A hash value with a comparatively small length, e.g. in the range of some 50 to several hundred bits, gives a sufficiently clear indication of the content for approval for most purposes.

It is proposed that a check is performed whether the authorization request comprises a string and the indication is the detected string or a default string else. The string preferably contains a short text which identifies the content for authorization to the user in a clear way. It can, for example, comprise a reference text describing the content for authorization or a short reference to the content as a whole like a document number or contract number. For orders and purchases, a short description and the number of selected items, the amount for each item and the total amount to be paid are suitable elements of the string. A default string is preferably a general information that a transaction is to be authorized, optionally with a warning that an approval constitutes a completion of a contract. It is possible that the user equipment has a stored set with several default strings which are displayed according to parameters in the authorization request.

The authorization response preferably includes the string displayed, i.e. the string sent with the authorization request or the default string. For this purpose, the authorization request can comprise a parameter which indicates whether the sender expects that the response is amended by the string displayed. Optionally, the displayed string can be included in any authorization response. Storing the displayed string provides the receiver of the authorization response with a proof of the indication if legal disputes about the authorization procedure arise at a later time.

It is proposed that a check is performed whether a connection is classified as safe and the indication comprises a result of the check or is selected according to the check. In this way, the user receives information whether the authorization request is received from a secure source. A safe connection is for example an end-to-end wireless transport layer security connection according to the WAP protocol stack.

An advantageous authorization request comprises a signature of the sender. In this case, a check of the sender signature is performed in the user equipment which has a processing system adapted to this purpose and preferably a memory with corresponding authentication information. The indication can comprise the result of the check or be selected according to the result. It is proposed that the authorization procedure is cancelled if neither the connection is safe nor a signature of the sender is included in the request, or if a signature is invalid.

It is proposed for an authorization request or an authorization response that a 
concatenation of the identifier and at least one further parameter is signed. 
Especially, the indication displayed to the user can be included in the signed 
content as a confirmation. Signing the concatenation provides a secure 
authentication of all concatenated parameters with low computational requirements 
and ensures that the concatenated parameters were signed in a single procedure. 

Preferably, a signature depends on a parameter which varies in consecutive messages to avoid a replay attack. For this purpose, the signed content can for example comprise a time stamp, a random value or a counter. The variable parameter is preferably included in the message with the signature to allow the authentication by the receiver. It is possible that the signature depends on more than one variable parameter, e.g. if a hashing function includes a random value in the hash which is then concatenated with a time stamp before the signature.
The method is especially suited for an authorization request which is sent by a first server after reception of one or several messages from a further entity, e.g. a further server or another device or application. The first server is for example a mobile server for adapting messages and messaging sequences between a further entity in a fixed network, e.g. the Internet, and wireless user equipment. The mobile server processes and replies to messages from the further entity in the fixed network to reduce the amount of data sent over wireless connections to user equipment. The further entity can, for example, process transactions for a merchant who offers goods or services which have to be paid. In this case, the authorization procedure is used to perform the payment.

An advantageous message from the further entity comprises the indication, e.g. a short reference string for the content which is to be approved, or a parameter determining the indication. In this way, an ambiguous determination of the indication by the server is avoided and a service provider has an improved control of the information displayed by the user equipment.

Generally, one or several messages from the further entity comprise the content for approval from which the identifier is determined, e.g. the text of a contract from which the server calculates a hash value. Preferably, the server forwards an approved identifier to the further entity as proof that the authorization was performed by the user equipment.

Preferably, the server stores the indication or forwards it to the further entity. In this way, a proof can be stored which indication was displayed to the user. The indication can be stored or forwarded after it is determined for inclusion into the authorization request or after extraction from the authorization response.
A server for processing authorization procedures in a communication system has an interface to exchange messages with user equipment of the communication system. Generally, messages are relayed by further devices in the communication system, e.g. routers forwarding the messages or radio base stations providing a wireless connection to the user equipment. The server has a processing system with a unit to send an authorization request for a content which is to be authorized to the user equipment and to receive an authorization response from the user equipment. Preferably, the unit is a software program.



In a server according to the invention, the processing system determines an identifier for the content and includes the identifier into the authorization request. Preferably, the identifier is a hash value calculated from the content which is to be authorized. Furthermore, the processing system determines an indication for the content and includes the indication also into the authorization request. The server checks the authorization response for the identifier signed by the user equipment, i.e. for an approval of the request. The server can perform any steps of the above-described methods which relate to the server.

An advantageous server comprises an interface to receive messages from a further entity over the communication system, e.g. from a further server. In this case, the processing system is adapted to extract the content for authorization from a message received from the further network entity and to send a reply to the further network entity. The reply is determined by the authorization response, i.e. the reply indicates to the further entity whether the authorization is approved or disapproved.
A user equipment for a communication system, for example a mobile phone in a mobile communication system, has a transmission unit to receive and send messages. The messages comprise for example signaling messages for controlling connections and payload messages to transmit data or speech and especially authorization requests and authorization responses. Units of the user equipment process input of a user which is entered for example by a keypad and perform output to the user, e.g. with a display. Furthermore, parameters can be signed with a digital key of the user by a corresponding unit of the equipment. The units can comprise hardware parts, e.g. a transceiver in the transmission unit, circuitry for control of a display in the output unit and circuitry for control of a keypad in the input unit. The units can also include software code which is executed in a processing system of the user equipment. Especially, the signing unit will generally be implemented by a software function.






The processing system executes an operating software controlling said units. It is adapted to process an authorization request with an identifier of a transaction and to reply to the request with an authorization response. The identifier is preferably a hash value of a content which is to be authorized. The processing system includes a unit, preferably embodied as software code, to determine an indication for the request, to initiate the output of the indication by the output unit and to wait for an approval of the request by the user received via the input unit. According to the approval, the processing system initiates the sending of an authorization response by the transmission unit. In an approving authorization response, the processing system includes the signed identifier which is determined by the signing unit. For this purpose, a digital key can be stored in a memory of the user equipment. A skilled person is aware that all described steps executed by the processing system can be performed by software code executed in the processing circuitry.



P13427-ATO 2000-05-08



In a preferable user equipment, the processing system performs a check whether the authorization request comprises a text string and selects the detected string as indication or a default string else.

It is proposed that the processing system includes the displayed indication in the authorization response.



Advantageously, the processing system performs a check whether a connection is classified as safe. For this purpose, parameters defining whether a connection is safe can be stored in a memory of the user equipment and be compared to the corresponding parameters of a present connection. The processing system includes the result of the check in the indication or selects the indication according to the check.



To enhance the security of a transaction, a preferable user equipment checks whether the authorization request comprises a signature of the sender. The equipment performs a check of the sender signature. It is proposed that the processing system includes the result of the check in the indication or selects the indication according to the check.

In an advantageous user equipment, the processing system signs a concatenation of the identifier and at least one further parameter.

Preferably, the processing system includes a parameter which varies in 
consecutive authorization requests or authorization responses into a signed 
content, e.g. a hash value, optionally concatenated with further parameters. 
A computer program unit for receiving an authorization request with an identifier of a transaction and replying to the request with an authorization response can be stored on a data carrier or can be directly executable in a processing system of user equipment. Especially, parts of a program unit according to the invention can be embodied by a software function which is called by the authorization request. The unit comprises code for reception of the authorization request, i.e. for identification that an authorization request was received and extraction of parameters from the request, especially an identifier for the authorization request. The unit determines an indication for the authorization request, for example by extracting a text string from the authorization request or by selecting it from a memory according to parameters in the request. The unit initiates an output of the indication which is generally performed by an output unit. When an input approving or disapproving the authorization request is received, the program unit determines the authorization response according to the input. For an approval, a signature of the identifier is initiated and performed by the program unit or by a further unit. The signed identifier is included in an approving authorization response.

The foregoing and other objects, features and advantages of the present invention will become more apparent in the following detailed description of preferred embodiments as illustrated in the accompanying drawings.



Brief description of the drawings

Fig. 1 shows a transaction authorization according to the invention using a signed hash value.
Fig. 2 shows a further transaction authorization according to the invention.
Fig. 3 shows a transaction according to the invention involving several entities.
Fig. 4 shows a user equipment according to the invention.
Fig. 5 shows a flow chart of a process executed in a server according to the invention.



Detailed description of preferred embodiments 

Figure 1 shows an example of an authorization procedure in the proposed method between a user equipment UE, e.g. a WAP terminal, and a server MS, e.g. a WAP server. Over a communication system, the server MS is generally connectable to other entities, for example further servers or application programs. A program executed in the processing system of the user equipment UE sends a service request to the server MS which processes the requested service. During this procedure, the server MS can exchange messages with other entities in the communication system. The server MS generates a binary identifier H which is sent with an authorization request to the user equipment UE for approval, i.e. for signature. Generally, the binary identifier H is a hash of a message sent from a further entity to the server.



As depicted in figure 2, the server MS can also generate a text string T which is included in the authorization request and displayed by the user equipment UE. The text string is a comment for the user identifying the content which is to be signed and can comprise all or a part of the hashed data, e.g. an amount for payment, a document number, the title of a contract or a list of items ordered. To allow a validation of the relation between the string T and identifier H by the user equipment UE, preferably a concatenation of the identifier H and the string T is signed by the server MS, i.e. a parameter SO(sk, H||T) is included into the authorization request wherein SO denotes the signing function, sk the signature key of the server MS and || is the concatenation symbol. The text string and the server's signature are optional parameters of the authorization request. Furthermore, the authorization request can comprise a parameter "receipt" which is preferably a boolean value and which indicates if a user's receipt is expected by the server MS in the response.

After reception of the authorization request, the user equipment UE checks the number of arguments included. In case there is only one argument, i.e. only the mandatory binary identifier H as depicted in figure 1, the user equipment UE displays a message to the user that a binary value to be signed was received and asks for confirmation. The user can either accept or reject to perform the signature process. In order to enhance the security, the single parameter version of the authorization request is accepted by an advantageous user equipment UE only in case of a secure connection.

In case of an authorization request with two or more arguments, one argument is preferably a signature of the server MS. The user equipment UE verifies the server signature SO(sk, ...) with sk denoting a signature key of the server. A further argument is preferably a text string T which is displayed by the user equipment UE in addition to the result of the signature verification. The user is prompted to accept or reject the signing process, for example by pressing a YES key or a NO key on a keypad of the user equipment UE or by pronouncing a corresponding command if the user equipment has a speech processing unit. Optionally, the arguments of the authorization request, e.g. a triple H, T, SO(sk, H||T), can be saved in a memory of the user equipment UE for future use.

The authorization response from the user equipment UE comprises the binary identifier H signed by the user equipment UE, i.e. SO(ck, H) wherein ck is an authorization key of the user equipment UE. The value SO(ck, H) ensures that the authorization request was signed by the user equipment and identifies clearly the signed content. Optionally, a signed receipt containing a concatenation of the value which is to be signed and the text string for display can be demanded by the server, e.g. by the parameter "receipt" in figure 2. Storing the receipts by the server guards against a repudiation of the signed transaction content by the user in case of future disputes about the signed content. The receipt provides a proof that the user was informed about the content of the signed data.

To improve authorization of transactions by user equipment UE which is adapted both to using the described method and the Wireless Application Protocol (WAP), a new WMLScript Crypto Library function is proposed which is denoted "signData()" below. It is alternatively conceivable to adapt an existing function for this purpose, but preferably the new function is added to the WML for clarity reasons. The function signData() is application independent and can be used by every WAP secure application layer protocol. The table shows an advantageous function specification which can be used in order to sign a hash value. In this case, the authorization request is a call of the signData() function in the client, i.e. the user equipment UE.

WMLScript:
  a) signData(H);
  b) signData(H, T, SO(sk, H||T), receipt);

Parameters:
  H, T, sk, receipt, SO(sk, H||T)

Output:
  If receipt=FALSE: the binary value signed by the user equipment: SO(ck, H)
  If receipt=TRUE: the binary value signed by the user equipment: SO(ck, H) and a receipt: SO(ck, H||T)

Associated Event:
  User equipment displays either: the string T and a result of SO(sk, H||T) verification, or a message informing that identifier H is not authenticated by a server.
  The user has to confirm or disapprove every signing operation.



In the table, H denotes binary data to be signed (e.g. a hash value). SO(sk, H||T) is the concatenation of H and T signed by a server. A text string T is optionally displayed to the user. The parameter sk is an authentication key for the server MS, ck is a key for the user equipment UE.

Since an authorization request, e.g. a function call signData(), can be initiated from any server or application, a user is not always aware of the origin. To avoid improper use of the request, an authorization response by the unauthenticated version of the signData() function is preferably performed only in case of an end-to-end secure connection between a WAP terminal and a WAP server, e.g. a WTLS/SSL (Wireless Transport Layer Security/Secure Sockets Layer) connection or an end-to-end WTLS connection. Else the function is cancelled without sending a response.



Unless confidentiality is required, the authenticated signData() function can be used without WTLS if the signature from a trusted server is determined as valid. Digital signatures of the hash value provide mutual authentication between a WAP user equipment and a WAP server.



Preferably, a mechanism is provided in the authorization request and authorization response to avoid replay attacks. For example, a time dependent parameter CLK is added to the input parameters for the signing function SO. When using a function signData an advantageous set of parameters is therefore (H, T, CLK, SO(sk, H||T||CLK)). To allow a verification of the signature by the user equipment UE or the server MS, respectively, the parameter CLK is included in the authorization request or response. Since the value SO(..., CLK) is generally different for every transaction, a replay attack can be excluded.
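The signData() exchange of figures 1 and 2, the table above and the CLK replay protection, modelled as an added example that is not part of the patent and not WMLScript. It assumes the signing function SO(key, data) is an HMAC-SHA256 stand-in (symmetric, so the example needs only the standard library; the patent intends asymmetric digital signatures), H is SHA-256 of the content, CLK is a Unix timestamp, and the class and function names, the freshness window and the sample content are constructed here.

```python
import hashlib
import hmac
import time

SEP = b"||"  # marker for the concatenations H||T and H||T||CLK


def SO(key: bytes, data: bytes) -> bytes:
    """Signing function SO(key, data); HMAC-SHA256 stands in for a real signature."""
    return hmac.new(key, data, hashlib.sha256).digest()


def make_identifier(content: bytes) -> bytes:
    """Identifier H: fixed-length hash of the content to be authorized."""
    return hashlib.sha256(content).digest()


class ServerMS:
    def __init__(self, sk: bytes):
        self.sk = sk
        self.pending = {}  # H -> CLK of the outstanding request (consumed once)

    def build_request(self, content: bytes, text: str, receipt: bool, clk: int) -> dict:
        h, t = make_identifier(content), text.encode()
        sig = SO(self.sk, h + SEP + t + SEP + str(clk).encode())  # SO(sk, H||T||CLK)
        self.pending[h] = clk
        return {"H": h, "T": t, "CLK": clk, "SIG": sig, "receipt": receipt}

    def check_response(self, resp: dict, ck: bytes, now: int, window: int = 60) -> str:
        h = resp["H"]
        if h not in self.pending:
            return "unknown identifier"  # never requested, or already consumed (replay)
        clk = self.pending.pop(h)
        if abs(now - clk) > window:
            return "stale"
        if not hmac.compare_digest(resp["signed_H"], SO(ck, h)):  # SO(ck, H)
            return "bad signature"
        if "receipt" in resp and not hmac.compare_digest(resp["receipt"], SO(ck, h + SEP + resp["T"])):
            return "bad receipt"  # SO(ck, H||T) must cover the string actually displayed
        return "approved"


class UserEquipment:
    DEFAULT_TEXT = "Confirm signing of received binary data"

    def __init__(self, ck: bytes, sk: bytes, secure_connection: bool):
        self.ck = ck
        self.sk = sk  # server verification key (a public key in practice)
        self.secure = secure_connection

    def indication(self, req: dict):
        """Text to display, or None when the request must be cancelled."""
        if "SIG" not in req:
            # single-argument signData(H): accepted only over a secure connection
            if not self.secure:
                return None
            return self.DEFAULT_TEXT + " (identifier not authenticated by a server)"
        expected = SO(self.sk, req["H"] + SEP + req["T"] + SEP + str(req["CLK"]).encode())
        if not hmac.compare_digest(req["SIG"], expected):
            return None  # invalid server signature: cancel without signing anything
        return req["T"].decode() + " [server signature verified]"

    def sign_data(self, req: dict, user_approves: bool):
        shown = self.indication(req)
        if shown is None or not user_approves:
            return None  # cancelled: no signature leaves the device
        resp = {"H": req["H"], "signed_H": SO(self.ck, req["H"])}  # SO(ck, H)
        if req.get("receipt"):
            resp["T"] = req["T"] if "T" in req else shown.encode()  # the string displayed
            resp["receipt"] = SO(self.ck, req["H"] + SEP + resp["T"])  # SO(ck, H||T)
        return resp


def run_exchange(receipt=True, secure=True, authenticated=True, approve=True,
                 tamper_text=False, replay=False, delay=0) -> str:
    """Drive one request/response round trip and return the server's verdict."""
    sk, ck = b"server-key-constructed", b"ue-key-constructed"
    ms, ue = ServerMS(sk), UserEquipment(ck, sk, secure)
    now = int(time.time())
    content = b"Flight XY123, 2000-06-01, seat 12A, amount 420.00 EUR"  # constructed
    req = ms.build_request(content, "Ticket XY123, 420.00 EUR", receipt, now)
    if not authenticated:
        req = {"H": req["H"], "receipt": receipt}  # one-argument form signData(H)
    if tamper_text:
        req["T"] = b"Ticket XY123, 4.20 EUR"  # altered in transit: SIG no longer matches
    resp = ue.sign_data(req, approve)
    if resp is None:
        return "cancelled"
    verdict = ms.check_response(resp, ck, now + delay)
    if replay:
        return ms.check_response(resp, ck, now + delay)  # same response delivered again
    return verdict
```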

The proposed authorization procedure can advantageously also be used for authentication of the user equipment by using the authorization request to approve the authentication.

In figure 3, an exemplary transaction flow for a secure payment is depicted. In the example, the user equipment UE is a WAP terminal, e.g. a mobile phone, while the server is a Secure Electronic Transaction mobile server MS. A further server FS is operated by a merchant or supplier with whom the user of the equipment UE wants to perform a transaction. The further server FS also supports the Secure Electronic Transaction protocol. The mobile server MS and the further server FS are connected over the Internet.

If a user wants, for example, to purchase a plane ticket with a credit card, he starts a browser application on his user equipment, browses to the WAP site of a travel agency and exchanges messages to select a flight, date and seat. The user selects a protocol for the purchase, e.g. the Secure Electronic Transaction protocol, and sends a service request with the selected items to the mobile server MS. Optionally, the request contains further information, e.g. a selected merchant if several merchants share the further server FS. The mobile server MS initiates the payment transaction with the further server FS by a payment initiation request forwarding the selection of the user. The further server replies with a payment initiation response message which comprises authentication certificates of the supplier and a content which has to be authorized by the user, generally a contract or a part of a contract like an amount for a purchase. In the example, the content preferably comprises the selected flight, date and seat together with the amount for the ticket.

The mobile server MS checks the validity of the certificates and calculates a hash of the content received from the further server FS for authorization. If the content comprises a text which is comprehensible to the user, the mobile server preferably selects a string which indicates the transaction, e.g. ordered items and an amount for a purchase or the heading of a contract. The mobile server MS sends the hash of the content and preferably the text string to the user equipment UE. For this purpose, an authorization request with a call of the function signText() can be used if the user equipment UE is a WAP terminal.

In the example, a multiple hash denoted PI-TBS is used. The multiple hash comprises at least a first hash value determined from a first group of parameters, e.g. the ordered items and an amount for the purchase, and a second hash value determined from a second group of parameters, e.g. the amount for the purchase and a credit card number or other account information. Parameters can be parts of two or more groups. The value PI-TBS is a further hash determined from the hash values for the parameter groups. Consequently, contents for different receivers, e.g. the merchant receiving an order and the bank with an account for the user, can be authorized in a single transaction while any receiver can only access those parameters which are necessary for him.
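The PI-TBS multiple hash, as an added example (not from the patent) covering both this paragraph and the later split evaluation, where the further server FS checks the first group and the bank server BS the second. Assumed here: SHA-256 for the group hashes and the combined hash, a canonical sorted key=value encoding of each group, HMAC-SHA256 as a stand-in for the user's signing function SO(ck, ...), and constructed function names and sample data.

```python
import hashlib
import hmac


def group_hash(params: dict) -> bytes:
    """Hash one parameter group in a canonical encoding (sorted key=value lines)."""
    encoded = b"\n".join(f"{k}={v}".encode() for k, v in sorted(params.items()))
    return hashlib.sha256(encoded).digest()


def pi_tbs(order_group: dict, payment_group: dict):
    """Return (h1, h2, PI-TBS) with PI-TBS = hash(h1 || h2), as the mobile server builds it."""
    h1, h2 = group_hash(order_group), group_hash(payment_group)
    return h1, h2, hashlib.sha256(h1 + h2).digest()


def SO(key: bytes, data: bytes) -> bytes:
    """Signing function stand-in (HMAC-SHA256 in place of a real digital signature)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(SO(key, data), sig)


def merchant_check(order_group: dict, h2: bytes, signed_pi_tbs: bytes, ck: bytes) -> bool:
    """Further server FS: recomputes h1 from the order it can see; h2 stays an opaque digest."""
    h1 = group_hash(order_group)
    return verify(ck, hashlib.sha256(h1 + h2).digest(), signed_pi_tbs)


def bank_check(payment_group: dict, h1: bytes, signed_pi_tbs: bytes, ck: bytes) -> bool:
    """Third server BS: recomputes h2 from the account data; h1 stays an opaque digest."""
    h2 = group_hash(payment_group)
    return verify(ck, hashlib.sha256(h1 + h2).digest(), signed_pi_tbs)


def settle(order_group: dict, payment_group: dict, ck: bytes, altered_amount=None):
    """One authorization: the UE signs PI-TBS once; merchant and bank each check their own group."""
    h1, h2, tbs = pi_tbs(order_group, payment_group)
    signed = SO(ck, tbs)  # SO(ck, PI-TBS) carried in the authorization response
    if altered_amount is not None:  # model the order amount being changed after signing
        order_group = dict(order_group, amount=altered_amount)
    return (merchant_check(order_group, h2, signed, ck),
            bank_check(payment_group, h1, signed, ck))


# Constructed sample transaction: "amount" belongs to both groups, the account only to the second.
ORDER_GROUP = {"items": "flight XY123, 2000-06-01, seat 12A", "amount": "420.00 EUR"}
PAYMENT_GROUP = {"amount": "420.00 EUR", "account": "CARD-NUMBER-PLACEHOLDER"}
UE_KEY = b"ue-key-constructed"
```

The merchant never receives PAYMENT_GROUP and the bank never receives ORDER_GROUP; each only needs the other group's digest to recompute PI-TBS.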

If the authorization request is authenticated by a signature of the mobile server MS, the user equipment UE verifies the signature and displays the content of a received text string to the user or a default string else. In case of an unauthenticated authorization request, a preferable user equipment UE checks whether the connection used is classified as secure or not. For example, a WAP terminal checks the status of the WTLS connection. If the connection is not classified as secure, the authorization request is denied and a corresponding information is shown to the user. If a secure connection is used, preferably an information that unauthenticated data is received for signing is displayed to the user.

The user equipment UE asks the user to approve or disapprove the signing
operation and transmits his answer to the mobile server in an authorization
response. If the user disapproves the signing or does not enter a response within a
predetermined time interval or enters an invalid response, the procedure is
preferably cancelled and a corresponding response is sent to the mobile server
MS. If the user approves the signing, the user equipment UE signs the hash with
his private key ck and sends it back to the mobile server MS.

The mobile server MS includes the answer of the user, especially the signed hash
S(ck, PI-TBS), in a payment request message and sends it to the further server
FS. In the example, the payment request message is a Secure Electronic
Transaction payment request. The further server can either accept or reject the
payment request according to stored conditions, especially if the user is a regular
customer and has an account. Alternatively, the further server can in turn initiate a
dialogue, e.g. with a third server BS of a bank holding an account indicated in the
payment request, to identify whether the payment request is acceptable before a
payment response is sent. With the multiple hash PI-TBS, the first hash from the
first parameter group can be evaluated in the further server FS while the second
hash from the second parameter group can be forwarded to the third server BS for
evaluation. In the payment response, the further server FS notifies the mobile
server whether it accepted the payment request. After receiving the payment
response from the further server FS, the mobile server MS forwards the payment
result, i.e. parameters from the payment response indicating the confirmation or
rejection of the transaction content by the further server FS, to the user equipment
UE. For this purpose, a service response message is used which ends the
transaction towards the user equipment UE.



Figure 4 shows user equipment for processing authorization procedures. The user
equipment is for example a mobile phone or another terminal equipment, e.g. a
personal digital assistant or a laptop. It comprises an input unit IU with a keypad
and corresponding control circuitry and an output unit OU with a display and
corresponding control circuitry. A transmission unit TU with a transceiver allows
wireless connections over an antenna ANT to a communication system. All units
are controlled by a processing system PS which can access a memory MEM. The
units can include software code which is executed in the processing system PS
and can share hardware and software, e.g. if the keypad is displayed on a touch
screen.

P 13427-ATO 2000-05-08

When an operating software OS executed in the processing system PS receives
an authorization request via transmission unit TU, a software unit for processing
the authorization request is started. A preferable software unit is the function
signData(). The function signData() extracts parameters from the request,
especially an identifier H corresponding to a transaction and a text string T. The
function signData() determines an indication for the request, i.e. the text string T or
a default string stored in the memory MEM if the authorization request does not
include a text string T. The function signData() then initiates an output of the
indication by the output unit OU and waits for an approval of the request by the
user which is received via the input unit IU. If the input approves the authorization,
the function signData() initiates a signing of the identifier H, which is generally
performed by a separate signing unit SU executed in the processing system.
According to the approval, the function signData() determines an authorization
response and initiates the sending of the response by the transmission unit TU.
The authorization response includes the signed identifier S(ck, H).



A flow chart of a process for authorization in a server according to the invention is
depicted in figure 5. In an initial step 2, the server detects that an authorization is
necessary. For example, the server can receive a message requesting an
authorization from another entity in a communication system, or an application
executed on the server requires an authorization. Parameters necessary for an
authorization request are determined by a procedure 4. As identifier H, a hash
value is calculated from the content which is to be authorized. Furthermore, an
indication T for display to a user is determined and a signature of the concatenated
identifier H and indication T by a digital key sk of the server is performed with a
signing function S().

The parameters are included in an authorization request which is sent in step 6 to
a user equipment for approval, and the reception 8 of an authorization response is
waited for. The authorization response is processed by the server in a procedure
10, wherein a check is performed whether it contains a signature of the identifier H
by a key ck of the user equipment with the same or a further signing function S'().
If the authorization was initiated by a message from a further entity, the value
S'(ck, H) can be forwarded for evaluation, or the approval or disapproval can be
confirmed to the further entity after checking the validity of the value S'(ck, H).
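The round trip described above (procedures 4 to 10 of figure 5 on the server, and signData() on the user equipment together with the handling of signed and unauthenticated requests from the earlier section) as one added example; this is not code from the patent. Textbook RSA over SHA-256 stands in for the signing functions S() and S'(), SHA-256 forms the identifier H, and the message layout, the default string, the demonstration key sizes and the decision to deny a request whose sender signature fails to verify are assumptions of this example.

```python
"""Added example: authorization exchange between mobile server (MS) and user
equipment (UE); toy textbook RSA stands in for the signing functions S() and S'()."""
import hashlib
import random
from dataclasses import dataclass
from typing import Callable, Optional

random.seed(7)  # constructed example: deterministic demonstration keys only


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test, sufficient for generating demonstration primes."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def keygen(bits: int = 512):
    """Returns ((n, e), (n, d)). Unpadded RSA is enough to show the protocol; a
    real terminal uses a padded scheme such as RSASSA-PSS."""
    e = 65537  # prime, so gcd(e, phi) == 1 iff e does not divide phi
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

SERVER_PUB, SERVER_PRIV = keygen()  # key sk of the mobile server
UE_PUB, UE_PRIV = keygen()          # key ck of the user equipment
DEFAULT_INDICATION = "Sign transaction data?"  # default string in memory MEM (assumed)

@dataclass
class AuthRequest:
    H: bytes                   # identifier: hash of the content to be authorized
    T: Optional[str]           # indication for display; may be absent
    server_sig: Optional[int]  # S(sk, H || T); None for an unauthenticated request

@dataclass
class AuthResponse:
    approved: bool
    signed_H: Optional[int]    # S'(ck, H) when the user approved

def server_build_request(content: bytes, T: Optional[str], authenticated: bool) -> AuthRequest:
    """Procedure 4 of figure 5: H = hash(content); sign the concatenation H || T."""
    H = hashlib.sha256(content).digest()
    sig = sign(SERVER_PRIV, H + (T or "").encode()) if authenticated else None
    return AuthRequest(H, T, sig)

def ue_handle_request(req: AuthRequest, connection_secure: bool,
                      user_decides: Callable[[str], bool]):
    """signData() on the UE: returns (text shown to the user, authorization response).
    Denying on a failed sender-signature check is an assumption of this example."""
    if req.server_sig is not None:
        if not verify(SERVER_PUB, req.H + (req.T or "").encode(), req.server_sig):
            return "Denied: invalid sender signature", AuthResponse(False, None)
        shown = req.T or DEFAULT_INDICATION
    elif not connection_secure:
        return "Denied: connection not classified as secure", AuthResponse(False, None)
    else:
        shown = "Unauthenticated data received for signing: " + (req.T or DEFAULT_INDICATION)
    if not user_decides(shown):
        return shown, AuthResponse(False, None)
    return shown, AuthResponse(True, sign(UE_PRIV, req.H))

def server_check_response(req: AuthRequest, resp: AuthResponse) -> bool:
    """Procedure 10 of figure 5: the response must carry S'(ck, H) for this request's H."""
    return resp.approved and resp.signed_H is not None and verify(UE_PUB, req.H, resp.signed_H)

def run_exchange(content: bytes, T: Optional[str], authenticated: bool,
                 connection_secure: bool, user_approves: bool):
    """Whole round trip; returns (text shown to the user, server accepted)."""
    req = server_build_request(content, T, authenticated)
    shown, resp = ue_handle_request(req, connection_secure, lambda _text: user_approves)
    return shown, server_check_response(req, resp)
```

Signing H || T on the server side is what binds the displayed indication to the hash: a request whose text was altered in transit no longer verifies, so the user cannot be shown one string while signing the identifier of another. The user's response is bound only to H, so the server's check in procedure 10 cannot be satisfied by a signature taken from an earlier transaction over different content; the varying parameter of claim 9 (a nonce in the signed content) is what additionally stops a replay of a response for identical content.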

The above embodiments admirably achieve the objects of the invention. However,
it will be appreciated that departures can be made by those skilled in the art
without departing from the scope of the invention which is limited only by the
claims.

Abstract

A method for the authorization of transactions is described, wherein a user
equipment receives an authorization request with an identifier of a transaction and
replies to the request with an authorization response. For an authorization request,
an indication is determined which is output by the user equipment (UE). Preferably,
the identifier is a hash value of the content which is to be authorized. After an input
to approve or disapprove the authorization request, the identifier (H) is signed and
the authorization response according to the input is sent, wherein an approving
authorization response comprises the signed identifier (H). Devices and software
programs adapted to the method are also described.

Fig. 1

Claims



1. Method for the authorization of transactions, wherein a user equipment receives
an authorization request with an identifier of a transaction and replies to the
request with an authorization response, said method comprising the steps of

reception of the authorization request,

determining an indication for the authorization request,

output of the indication by the user equipment (UE),

waiting for an input to approve or disapprove the authorization request,

signing the identifier (H),

sending the authorization response according to the input, wherein an
approving authorization response comprises the signed identifier (H).

2. Method according to claim 1, wherein the identifier (H) is a hash value.

3. Method according to claim 1 or 2, wherein a check is performed whether the
authorization request comprises a string (T) and the indication is the detected
string (T) or a default string else.

4. Method according to any preceding claim, wherein the displayed indication is 
included in the authorization response. 

5. Method according to any preceding claim, wherein a check is performed
whether a connection is classified as safe and the indication comprises a result
of the check or is selected according to the check.

6. Method according to any preceding claim, wherein the authorization request
comprises a signature of the sender and a check of the sender signature is
performed.

7. Method according to claim 6, wherein the indication comprises a result of the
check or is selected according to the check.

8. Method according to any preceding claim, wherein a concatenation of the
identifier (H) and at least one further parameter is signed.

9. Method according to any preceding claim, wherein a signature depends on a
parameter which varies in consecutive authorization requests or authorization
responses.

10. Method according to any preceding claim, wherein the authorization request is
sent by a server (MS) after reception of a message from a further entity.

11. Method according to claim 10, wherein the message comprises the indication or
a parameter determining the indication.

12. Method according to claim 10 or 11, wherein the server (MS) forwards an
approval of the identifier (H) to the further entity.

13. Method according to any of the claims 10 to 12, wherein the server (MS) stores
the indication or forwards it to the further entity.

14. Server for processing authorization procedures in a communication system with
an interface to exchange messages with user equipment of the communication
system, wherein the server has a processing system adapted to send an
authorization request for a content which is to be authorized to the user
equipment and to receive an authorization response from the user equipment,

characterised in that

the processing system determines an identifier (H) for the content and includes
the identifier (H) into the authorization request,

the processing system determines an indication for the content and includes the
indication into the authorization request

and the server (MS) checks the authorization response for the identifier (H)
signed by the user equipment (UE).

15. Server according to claim 14, wherein the server (MS) comprises an interface
to receive messages from a further entity and the processing system is adapted
to extract the content for authorization from a message received from the
further network entity and to send a reply to the further network entity, wherein
the reply is determined by the authorization response.

16. Server according to any of the claims 14 or 15, wherein the server (MS)
performs at least one step of a method according to any of the claims 1 to 13.



17. User equipment for a communication system, especially for a mobile
communication system, with a transmission unit to receive and send messages,
the messages comprising authorization requests and authorization responses,
a unit to process input of a user, a unit to perform an output to the user, a unit
to sign parameters, a processing system (PS) controlling said units which is
adapted to process an authorization request with an identifier (H) of a
transaction and to reply to the request with an authorization response, wherein
the processing system (PS) includes a unit to determine an indication for the
request, to initiate the output of the indication by the output unit (OU), to wait for
an approval of the request by the user, to initiate the signing of the identifier (H)
and to initiate the sending of an authorization response with the signed identifier
(H) by the transmission unit (TU).

18. User equipment according to claim 17, wherein the processing system (PS) 
performs a check whether the authorization request comprises a string (T) and 
selects the detected string (T) as indication or a default string else. 

19. User equipment according to claim 17 or 18, wherein the processing system
(PS) includes the displayed indication in the authorization response.

20. User equipment according to any of the claims 17 to 19, wherein the processing
system (PS) performs a check whether a connection is classified as safe and
includes the result of the check in the indication or selects the indication
according to the check.

21. User equipment according to any of the claims 17 to 20, wherein the
authorization request comprises a signature of the sender and the processing
system (PS) performs a check of the sender signature.

22. User equipment according to claim 21, wherein the processing system (PS) 
includes the result of the check in the indication or selects the indication 
according to the check. 


23. User equipment according to any of the claims 17 to 22, wherein the processing 
system (PS) signs a concatenation of the identifier (H) and at least one further 
parameter. 
24. User equipment according to any of the claims 17 to 23, wherein the processing
system (PS) includes a parameter which varies in consecutive authorization
requests or authorization responses into a signed content.

25. Computer program unit for receiving an authorization request with an identifier
of a transaction and replying to the request with an authorization response, the
program unit comprising code for performing the steps of

reception of the authorization request,

determining an indication for the authorization request,

initiating the output of the indication,

waiting for an input approving or disapproving the authorization request,

initiating the signing of the identifier (H),

determining the authorization response according to the input, wherein an
approving authorization response comprises the signed identifier (H).

26. Computer program unit according to claim 25, wherein the program unit
performs at least one step of a method according to any of the claims 2 to 9.